
exploitDog


CVE-2020-12605

Published: 30 Jun 2020
Source: redhat
CVSS3: 7.5

Description

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.

An uncontrolled resource consumption vulnerability was found in Envoy. This flaw allows an attacker to craft many HTTP requests with long field names or URLs to cause the proxy to consume excessive amounts of memory, potentially resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Additional information

Status: Important
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1844252 envoy: Resource exhaustion when processing HTTP/1.1 headers with long field names

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
nvd
more than 5 years ago

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.

CVSS3: 7.5
debian
more than 5 years ago

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...

suse-cvrf
almost 4 years ago

Security update for envoy-proxy
